Amazon has been fined €746 million, equivalent to $887 million, for allegedly violating a European Union data-privacy law. It’s the biggest monetary penalty imposed to date in connection with the EU’s three-year-old General Data Protection Regulation (GDPR).
On July 16, 2021, the Luxembourg National Commission for Data Protection (CNPD) issued a decision against Amazon Europe Core claiming that “Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation,” the company disclosed Friday in a 10-Q filing with the Securities and Exchange Commission.
In addition to the €746 million fine, the CNPD judgment requires “corresponding practice revisions,” Amazon said.
“We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter,” Amazon said in the filing.
Amazon’s EU headquarters are in Luxembourg, and thus its operations on the continent are subject to oversight by the country’s CNPD regulatory body.
Separately, last fall the European Commission filed antitrust charges against Amazon over alleged misuse of data to use non-public information to favor Amazon’s own retail business over third-party partner merchants. That case could result in Amazon being fined up to 10% of its annual global revenue.
The GDPR, which went into effect May 2018, mandates a company disclose what data it collects from users and what it does with that data. Companies also must allow users to download a copy of their data and delete any individual’s data on request.
Amazon’s disclosure of the fine comes a day after the ecommerce giant posted mixed Q2 earnings results. Amazon sales climbed 27% to $113.1 billion — the third straight quarter its revenue topped $100 billion — but that was was shy of Wall Street forecasts. Net income jumped about 50%, to $7.8 billion.